MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27dd03510188c3ed0473d71fdedb1add484ccd709ec978fc6834f23a2accebca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AmosStealer


Vendor detections: 7



SHA256 hash: 27dd03510188c3ed0473d71fdedb1add484ccd709ec978fc6834f23a2accebca
SHA3-384 hash: 705570f2c8fa091569fb10cec784da7b767a4aeb11d6acf999d5ba5d46b47398407b71a5c45211532b9367fb3a1ae3b0
SHA1 hash: bec4173d805220b22706b4019419165bf247aaca
MD5 hash: 8e0cf26b33496076f40239ffe1c13d18
humanhash: avocado-louisiana-jig-georgia
File name: update
Signature: AmosStealer
File size: 2'751'896 bytes
First seen: 2025-08-23 07:46:02 UTC
Last seen: Never
File type: php macho
MIME type: application/x-mach-binary
ssdeep: 12288:eVOPLLjNRJw3JIYf+Xxqga1hhuJj3ZwoVF1VOPLLjNRJw3JIYf+Xxqga1hhuJj30:kOPHKFgaFStwo/OPHKFgaFStwok
TLSH: T1C7D52B4AB9C0DF37C55BE933989A431411B8DD416B42C74BC19CF37B3E82B9829E66C9
TrID: 82.2% (.DYLIB) Mac OS X Mach-O universal Dynamically linked shared Library (32500/1/5)
TrID: 17.7% (.O/DYLIB/BUNDLE) Mac OS X Universal Binary (generic) (7002/2)
Magika: macho
Reporter: b0gdanw
Tags: AmosStealer infostealer machO macOS


b0gdanw
https://smxyrc.com/get26.php -> https://ctktravel.com/get26/install.sh -> https://ctktravel.com/get26/update

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: CH
Vendor Threat Intelligence
Verdict: Malicious
File Type: macho fat
First seen: 2025-08-23T06:06:00Z UTC
Last seen: 2025-08-23T06:06:00Z UTC
Hits: ~10
Score: 99%
Verdict: Malware
File Type: Mach-O universal binary
Threat name: MacOS.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-23 07:46:52 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 11 of 24 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AmosStealer

php macho 27dd03510188c3ed0473d71fdedb1add484ccd709ec978fc6834f23a2accebca

(this sample)

  
Delivery method: Distributed via web download
